IN THE CLAIMS 

Please amend the claims as follows: 

1. (Currently Amended) A system for authorizing client access to a network resource, 
comprising: 

a server having at least one directory that can be accessed using a network protocol, said 
at least one directory being configured to store information concerning an entity's organization; 
and 

a firewall that is configured to intercept network resource requests from a plurality of 
client users on an internal network, said firewall being operative to authorize a network resource 
request based upon a comparison of the contents of at least part of one or more entries in said at 
least one directory to an authorization filter, wherein said authorization filter is generated based 
on a directory schema that is predefined by said entity. 

2. (Original) The system of claim 1, wherein said at least one directory is a lightweight 
directory access protocol directory. 

3. (Original) The system of claim 1, wherein said authorization filter is specified using a 
graphical user interface. 

4. (Original) The system of claim 1, wherein said authorization filter implements a per-user 
authentication scheme. 

5. (Original) The system of claim 1, wherein said authorization filter implements a per- 
service authentication scheme. 

6. (Original) The system of claim 1, wherein said firewall and said directory communicate 
using secure socket layer communication. 
7. (Original) The system of claim 1, wherein said firewall is configured to query multiple 
directories. 



8. (Currently Amended) An authentication method at a firewall, comprising the steps of: 

(a) receiving a network resource request from a client user at an internal network; 

(b) querying, using a network protocol, at least one directory that is configured to 
store information concerning an entity's organization, wherein said query is based upon an 
authorization filter that is generated based on a directory schema that is predefined by said entity; 

(c) determining, based on the results of said query, whether the contents of at least 
part of one or more entries in said at least one directory satisfy said authorization filter; and 

(d) permitting said network resource request through said firewall if said 
authorization filter is satisfied. 

9. (Original) The method of claim 8, wherein step (b) comprises the step of querying said at 
least one directory using a lightweight directory access protocol. 

10. (Original) The method of claim 8, further comprising the step of specifying an 
authorization filter using a graphical user interface. 

11. (Original) The method of claim 10, wherein said specifying step comprises the step of 
specifying an authorization filter that implements a per-user authentication scheme. 

12. (Original) The method of claim 10, wherein said specifying step comprises the step of 
specifying an authorization filter that implements a per-service authentication scheme. 

13. (Original) The method of claim 8, wherein step (b) comprises the step of querying said 
directory using secure socket layer communication. 



AMENDMENT AND RESPONSE UNDER 37 CFR §1.111 Page 4 

Serial Number: 09/495,157 Dkt: 105.201 USl 

Filing Date: January 31, 2000 

Title: SYSTEM, METHOD AND COMPUTER PROGRAM PRODUCT FOR AUTHENTICATING USERS USING A LIGHTWEIGHT 
DIRECTORY ACCESS PROTOCOL (LDAP) DIRECTORY SERVER 

14. (Original) The method of claim 8, wherein step (b) comprises the step of querying 
multiple directories. 



15-16. (Cancelled) 

17. (Currently Amended) A computer program product for enabling a processor in a 
computer system to implement an authentication process, said computer program product 
comprising: 

a computer usable medium having computer readable program code embodied in said 
medium for causing a program to execute on the computer system, said computer readable 
program code comprising: 

first computer readable program code for enabling the computer system to receive a 
network resource request from a client user at an internal network; 

second computer readable program code for enabling the computer system to query, 
using a network protocol, at least one directory that is configured to store information concerning 
an entity's organization, wherein said query is based upon an authorization filter that is generated 
based on a directory schema that is predefined by said entity; 

third computer readable program code for enabling the computer system to determine, 
based on the results of said query, whether the contents of at least part of one or more entries in 
said at least one directory satisfy said authorization filter; and 

fourth computer readable program code for enabling the computer system to permit said network 
resource request through a firewall if said authorization filter is satisfied. 
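A minimal working model of the flow recited in claims 8 and 17 (receive the request, query the directory with a filter generated from the predefined schema, test whether matching entries satisfy the filter, permit on success), added here as an illustration and not part of the application or any applicant code. The schema, the in-memory directory, the filter syntax and all names and values are constructed assumptions; the RFC 4515 escaping of request data is a defensive detail the claims do not recite.

```python
import re
# Constructed schema the entity predefines: the only attributes a filter may name.
SCHEMA = {"uid", "department", "allowedService"}

# Constructed directory entries (made-up data; LDAP attributes are multi-valued, so lists).
DIRECTORY = [
    {"uid": ["alice"], "department": ["engineering"], "allowedService": ["ssh", "http"]},
    {"uid": ["bob"], "department": ["sales"], "allowedService": ["http"]},
]

def escape(value):
    """RFC 4515 escaping: request data cannot alter the filter's structure."""
    return re.sub(r"[\\*()\x00]", lambda m: "\\%02x" % ord(m.group(0)), value)
def build_filter(user, service):
    """Generate the per-user, per-service authorization filter (claims 4 and 5)."""
    return "(&(uid=%s)(allowedService=%s))" % (escape(user), escape(service))

def _parse(s, i=0):
    """Parse one parenthesised filter item at s[i]; return (node, next index)."""
    if s[i] != "(":
        raise ValueError("expected '(' at offset %d" % i)
    if s[i + 1] in "&|!":                      # (&...), (|...), (!...)
        op, kids, i = s[i + 1], [], i + 2
        while i < len(s) and s[i] == "(":
            node, i = _parse(s, i)
            kids.append(node)
        return (op, kids), i + 1
    j = s.index(")", i)                        # (attr=value)
    attr, val = s[i + 1:j].split("=", 1)
    if attr not in SCHEMA:
        raise ValueError("attribute %r is not in the predefined schema" % attr)
    val = re.sub(r"\\([0-9a-fA-F]{2})", lambda m: chr(int(m.group(1), 16)), val)
    return ("=", attr, val), j + 1

def _match(node, entry):  # step (c): do the entry's contents satisfy the node?
    if node[0] == "=":
        return node[2] in entry.get(node[1], [])
    return {"&": all, "|": any, "!": lambda r: not r[0]}[node[0]]([_match(k, entry) for k in node[1]])

def query(filter_str):
    """Step (b): the directory entries whose contents satisfy the filter."""
    node, end = _parse(filter_str)
    if end != len(filter_str):
        raise ValueError("trailing characters after filter")
    return [e for e in DIRECTORY if _match(node, e)]

def authorize(user, service):
    """Steps (a)-(d): permit the request only if the authorization filter is satisfied."""
    return bool(query(build_filter(user, service)))
```

A request carrying filter metacharacters in the user name (for example one that tries to append an extra `(|...)` clause) is compared as a literal value after escaping, so it matches no entry and is not permitted.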



